Apple Requires Only a Subpoena to Turn Over Push Notification Tokens to Law Enforcement; Google Requires a Court Order

Drew Harwell, reporting for The Washington Post:

Apple said in a statement that “the federal government had prohibited us from sharing any information” about the requests and now that the method had become public, it was updating its upcoming transparency reports to “detail these kinds of requests.”

Apple’s Law Enforcement Guidelines, the company’s rules for how police and government investigators should seek user information, now note that a person’s Apple ID, associated with a push-notification token, can be “obtained with a subpoena or greater legal process.”

Neither Wyden nor Apple detailed how many notifications had been reviewed, who had been targeted, what crimes were being investigated or which governments had made the requests.

Law enforcement agents can issue subpoenas on their own, so there’s no oversight here. Google, on the other hand, requires a court order:

For U.S. requests of push notifications and other non-content information, Google said it requires a court order, not just a subpoena, that is subject to judicial oversight. With such orders, federal officials must persuade a judge that the requested data is relevant and material to an ongoing criminal probe.

Score one for Google here.

Update, 11 December 2023: Apple has updated its guidelines and now requires a court order as well.

Wednesday, 6 December 2023